**** UPDATE **** This add-on's functionality has been replaced by the following:
* Data collection is now in the Splunk Add-on for Microsoft Security - https://splunkbase.splunk.com/app/6207/
* Dashboards are now in the Microsoft 365 Add-on for Splunk - https://splunkbase.splunk.com/app/3786/
The Microsoft 365 Defender Add-on for Splunk collects incidents and related information from Microsoft 365 Defender and/or alerts from Microsoft Defender for Endpoint.
Microsoft 365 Defender Incidents
* Incident name (for example: impossible travel, activity from a Tor IP address, suspicious inbox forwarding, successful logon using potentially stolen credentials)
* Assignee
* Classification
* Severity
* Status
* Alerts associated with the Incident
Microsoft Defender for Endpoint Alerts
* Categories (Malware, Initial Access, Execution, etc.)
* Detection source
* Evidence
* Computer name
* Related user
* Severity
* Status
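The two lists above describe the fields the add-on collects for Microsoft 365 Defender incidents and for Defender for Endpoint alerts. The following is an added example, not code from this add-on or from Microsoft: it normalizes constructed incident and alert records into exactly those fields and then applies a simple triage rule (active, unassigned, at or above a severity floor) of the kind a SOC would run once the data is indexed. The raw field names (`incidentName`, `assignedTo`, `detectionSource`, `computerDnsName`, `relatedUser`, `evidence`, and so on) follow the public Microsoft 365 Defender incidents API and Defender for Endpoint alerts API as understood by the author of this example; the records, IDs, hostnames and IP addresses are constructed and not captured from any tenant.

```python
"""Added example (not part of the add-on): normalize constructed Microsoft 365
Defender incident and Defender for Endpoint alert records into the fields the
add-on collects, then triage them. Raw field names are assumed to match the
Microsoft 365 Defender incidents API and the Defender for Endpoint alerts API;
all records below are constructed sample data."""

# Severity values as used by Microsoft 365 Defender, ranked for comparison.
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def normalize_incident(incident):
    """Flatten an incident into the fields listed on this page: incident name,
    assignee, classification, severity, status and associated alert IDs."""
    return {
        "incident_id": incident["incidentId"],
        "incident": incident["incidentName"],
        "assignee": incident.get("assignedTo") or "unassigned",
        "classification": incident.get("classification", "Unknown"),
        "severity": incident["severity"],
        "status": incident["status"],
        "alerts": [a["alertId"] for a in incident.get("alerts", [])],
    }


def summarize_evidence(evidence):
    """Render each evidence entity as 'EntityType:value', using the first
    identifying attribute present (file name, hash, IP, URL or account)."""
    keys = ("fileName", "sha256", "ipAddress", "url", "accountName")
    out = []
    for e in evidence:
        value = next((e[k] for k in keys if e.get(k)), "?")
        out.append(f"{e.get('entityType', 'Unknown')}:{value}")
    return out


def normalize_mde_alert(alert):
    """Flatten a Defender for Endpoint alert into category, detection source,
    evidence, computer name, related user, severity and status."""
    user = alert.get("relatedUser") or {}
    related = f"{user['domainName']}\\{user['userName']}" if user else "n/a"
    return {
        "alert_id": alert["id"],
        "category": alert["category"],
        "detection_source": alert.get("detectionSource", "Unknown"),
        "evidence": summarize_evidence(alert.get("evidence", [])),
        "computer_name": alert.get("computerDnsName", "n/a"),
        "related_user": related,
        "severity": alert["severity"],
        "status": alert["status"],
    }


def triage(incidents, min_severity="High"):
    """Return IDs of incidents that are still Active, have nobody assigned and
    meet the severity floor: the ones a SOC queue should surface first."""
    floor = SEVERITY_RANK[min_severity]
    hits = []
    for raw in incidents:
        inc = normalize_incident(raw)
        if (inc["status"] == "Active" and inc["assignee"] == "unassigned"
                and SEVERITY_RANK.get(inc["severity"], -1) >= floor):
            hits.append(inc["incident_id"])
    return hits


# Constructed sample data (IDs, hosts and addresses are made up for this example).
SAMPLE_INCIDENTS = [
    {
        "incidentId": 1001,
        "incidentName": "Impossible travel activity involving one user",
        "assignedTo": None,
        "classification": "Unknown",
        "severity": "High",
        "status": "Active",
        "alerts": [
            {"alertId": "alert-1", "title": "Impossible travel activity",
             "category": "InitialAccess", "severity": "Medium", "status": "New"},
            {"alertId": "alert-2", "title": "Activity from a Tor IP address",
             "category": "InitialAccess", "severity": "High", "status": "New"},
        ],
    },
    {
        "incidentId": 1002,
        "incidentName": "Suspicious inbox forwarding",
        "assignedTo": "analyst@contoso.example",
        "classification": "TruePositive",
        "severity": "Medium",
        "status": "Resolved",
        "alerts": [
            {"alertId": "alert-3", "title": "Suspicious inbox forwarding rule",
             "category": "Exfiltration", "severity": "Medium", "status": "Resolved"},
        ],
    },
]

SAMPLE_MDE_ALERT = {
    "id": "alert-4",
    "title": "Malware was detected",
    "category": "Malware",
    "severity": "High",
    "status": "New",
    "detectionSource": "WindowsDefenderAv",
    "computerDnsName": "ws-017.contoso.example",
    "relatedUser": {"userName": "jdoe", "domainName": "CONTOSO"},
    "evidence": [
        {"entityType": "File", "fileName": "invoice.exe", "sha256": "0" * 64},
        {"entityType": "Ip", "ipAddress": "203.0.113.7"},
        {"entityType": "User", "accountName": "jdoe"},
    ],
}

if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        print(normalize_incident(inc))
    print(normalize_mde_alert(SAMPLE_MDE_ALERT))
    print("needs attention:", triage(SAMPLE_INCIDENTS))
```

The triage rule deliberately keys on `status`, `assignedTo` and `severity` together: a high-severity incident that is already assigned or resolved is not a queue item, and a low-severity incident that is unassigned is noise, so filtering on any one field alone would mis-prioritize.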